Title :
Detect multi-hop stepping-stone pairs with clock skew
Author :
Kuo, Ying-Wei ; Huang, Shou-Hsuan Stephen ; Hill, Christopher
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
Abstract :
Stepping-stone attacks in network intrusion detection are attackers who use a sequence of stepping-stone hosts to initiate attacks in order to hide their origins. The goal of this paper is to find algorithms to correctly detect the attacks and have the ability to tolerate the clock skew or/and chaff while exhibiting low time complexity. We propose three novel algorithms for detecting correlation and similarity of two connections not only into and out of a single stepping stone host (consecutive streams), but also across multiple stepping-stone hosts. To evaluate the accuracy and efficiency, we conduct extensive experiments. We also evaluate how chaff packets and clock skew may affect these methods. We present a comparison of the algorithms in terms of false rates of detection, and identify one of the approaches that can efficiently achieve good performance under a variety of circumstances.
Keywords :
clocks; computational complexity; security of data; chaff packets; clock skew; correlation detection; multihop stepping stone pair detection; network intrusion detection; stepping stone host; time complexity; Algorithm design and analysis; Clocks; Complexity theory; Correlation; Delay; Internet; Synchronization; chaff; clock skew; connection chain; intrusion detection; network security; pattern recognition; stepping-stone attack;
Conference_Titel :
Information Assurance and Security (IAS), 2010 Sixth International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-7407-3
DOI :
10.1109/ISIAS.2010.5604044
